search

AcademySoftwareFoundation / tac

Materials and meeting notes for the ASWF Technical Advisory Council (TAC)
https://tac.aswf.io
Creative Commons Attribution 4.0 International
94 stars 30 forks source link

Zero Trust Working Group #621

Open j-helman opened 3 months ago

j-helman commented 3 months ago

Describe the purpose of the group in no more than 4-5 sentences

The purpose of the Zero Trust Working Group is to support ASWF projects that need to function in a Zero Trust operating environment. As workflows and assets move to the cloud, perimeter security is no longer adequate in many situations. New models, such as Zero Trust, are being used that require many clients and services to become security aware. For example, they may need to integrate with authentication and authorization services or to interoperate with logging, monitoring, or threat detection systems.

The aim of this working group is to assist ASWF projects in determining their zero trust security needs and to share best practices on implementation approaches.

Goals of the working group

  1. Assist community members in becoming aware of the use of zero trust security models and how that relates to ASWF projects.
  2. Consolidate and share best practices for implementing those models including security by design.
  3. Explore the value of having an ASWF project for Zero Trust framework and supporting elements that could be shared between multiple ASWF projects.

Non-goals of the working group

  1. Maintain code for actual solutions beyond samples needed to support documentation.
  2. Duplicate security work already being done in other Working Groups, such as CI.

Deliverables

  1. Documentation of guidelines and best practices to help other ASWF projects incorporate the mechanisms and components necessary for operating in a ZT environment.
  2. Proposals for other projects, such as frameworks or code, that the group may determine are needed.
jmertic commented 3 months ago

Hey @j-helman - thanks for this. I know you have the other issue ( #620 ) - just clarifying that the aim for the meeting today is awareness of the proposal and not a presentation - is that accurate?

j-helman commented 3 months ago

Correct. Today, we'll explain the need, where we're at, and clarify next steps towards approval.

jmertic commented 3 months ago

Excellent! I've scheduled the formal presentation for April 3 ( next opening )

j-helman commented 3 months ago

Perfect.

j-helman commented 3 months ago

Deck on the topic...

ASWF Zero Trust Security WG 2024-04-03.pptx

jmertic commented 2 months ago

Group was approved during the 4/3 meeting. TAC requested a three-month follow-up review.

jmertic commented 6 days ago

@j-helman Confirming the 3 month review during the 7/10 TAC meeting - please advise